Privacy & Information Security Law Blog

NetChoice has filed a lawsuit challenging Maryland’s Age-Appropriate Design Code Act (“AADC”) on constitutional grounds, arguing that the law’s requirements, including requirements to perform data protection impact assessments, inhibit free speech. The AADC imposes requirements on companies to provide certain protections for consumer personal data where the company knows or has reason to know the consumer is a child under the age of 18. The AADC’s obligations apply to covered entities that offer online products “reasonably likely” to be accessed by children based on at least one of various enumerated criteria in the law. The AADC took effect on October 1, 2024, and sets a deadline of April 1, 2026 for the first data protection impact assessments required under the law. In its suit, NetChoice claims  that the AADC’s “best interests of children” standard leads to impermissible state authority to restrict speech available to minors and that the required data protection impact assessments effectively compel speech from covered entities.

NetChoice brought a similar lawsuit challenging California’s Age-Appropriate Design Code. Most recently, the Ninth Circuit Court of Appeals overturned a lower court injunction blocking most of the California law from taking effect, but upheld the injunction blocking implementation of the Act’s data protection impact assessment requirements.